من به این اخطار بر خوردم راهش را میگم به کارتان میاد
به مسیر زیر بروید :
whmcs/includes/hooks/
و فایل exploitblock.php را باز بکنید و کد زیر را با :
کد PHP:
if(!(defined('ROOTDIR') || defined('WHMCS') || defined('WHMCSDBCONNECT')))
die('Terminating script execution due to security concerns.');
if((!strstr($_SERVER['REQUEST_URI'], $customadminpath) && $customadminpath) || !$customadminpath) {
$checkvars = array('subject', 'message');
foreach($checkvars as $checkvar)
if(strpos($_REQUEST[$checkvar], '{php}') !== false)
die('We\'re sorry, but you cannot use "{php}" in a ticket submission as this is currently being used in exploit attempts. If you do have a legitimate issue, please press the back button in your browser and then change any instances of "{php}" to "(php)" so that your ticket may be submitted. Keep in mind that in the event that you\'re trying to exploit our system, that neither {php} nor (php) will function.');
}
?>
این کد عوض بکنید :
کد PHP:
$file = pathinfo($_SERVER['SCRIPT_NAME']);
$callingScript = $file['basename'];
$checkvars = array('subject', 'message');
foreach ($checkvars AS $checkvar) if ($callingScript != 'configemailtemplates.php' && strpos($_REQUEST[$checkvar], '{php}') !== false) die("We're sorry, but you cannot use \"{php}\" in a ticket submission. If you do have a legitimate issue, please press the back button in your browser and then change any instances of \"{php}\" to \"(php)\" so that your ticket may be submitted. Keep in mind that neither {php} nor (php) will function.");
?>
با سپاس
عیسی لو
پاسخ : ارور
پاسخ با نقل قول